Golioth
v1.0.0Golioth integration. Manage data, records, and automate workflows. Use when the user wants to interact with Golioth data.
⭐ 0· 47·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Golioth integration) align with the instructions: the skill tells the agent to use Membrane to connect to Golioth, discover actions, run actions, or proxy API calls. Required capabilities (network + Membrane account) are expected for this integration.
Instruction Scope
The SKILL.md stays on-topic: it describes using the Membrane CLI to authenticate, create a connection, list actions, run actions, and proxy requests to Golioth. It explicitly advises not to ask users for API keys. One operational note: proxying requests via Membrane means request payloads and responses transit Membrane's service — users should understand that data will flow through Membrane rather than directly to Golioth.
Install Mechanism
There is no formal install spec, but the instructions tell operators to run `npm install -g @membranehq/cli` or use `npx`. Asking users/agents to install a global npm CLI is reasonable for this integration but is higher-risk than pure instruction-only since it will write files and install code if executed. Confirm the CLI package and source before installing.
Credentials
The skill declares no required environment variables, config paths, or credentials. Authentication is delegated to Membrane (browser login / connection flow). This is proportional to the stated purpose.
Persistence & Privilege
The skill does not request always:true and does not ask to modify other skills or global agent settings. It is user-invocable and can be run autonomously per platform defaults — no elevated persistence is requested.
Assessment
This skill appears to do exactly what it says: use the Membrane CLI to connect to Golioth and run or proxy API calls. Before installing or running commands: (1) verify the npm package name/version on the official registry and the repository (to ensure you trust @membranehq/cli); (2) be aware that using the Membrane proxy routes request/response data through Membrane's servers (don't send secrets you wouldn't want Membrane to see); (3) prefer using npx for one-off runs if you don't want a global install; (4) avoid running installs as root and inspect the CLI or run it in an isolated environment if you have doubts. If you need the agent to act on very sensitive device data, review Membrane's privacy/security documentation first.Like a lobster shell, security has layers — review code before you run it.
latestvk9754mv60nwsbgvptjrf47cynn84dcxx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.